WP-Polls 2.73 Cross Site Scripting

WP-Polls 2.73 Cross Site Scripting

WP-Polls 2.73 - Reflected Cross-site Scripting
Advisory WP-Polls 2.73 Cross Site Scripting

WP-Polls 2.73 - Reflected Cross-site Scripting
Advisory ID: RO-16-005
CVE ID: CVE-2016-10936
Severity: Medium
Vendor: WordPress
Product: WP-Polls
Version: 2.73


Overview #

A Reflected Cross-site Scripting (XSS) vulnerability exists in WP-Polls WordPress Plugin version 2.73.


Vulnerability Details #

Affected Versions: 2.73 and earlier

CVE: CVE-2016-10936

Root Cause: Insufficient input validation in the poll options page.
Technical Details #

Vulnerable URL: /wp-admin/admin.php?page=wp-polls/polls-options.php

Vulnerable Parameter (POST): poll_bar_style

Attack Pattern:

'" onmouseover=alert(0x000C5A)



Exploitation Requirements #

Admin authentication required
Victim must interact with the malicious element

Impact #

Remote attackers can exploit this vulnerability to:

Steal admin session cookies
Perform administrative actions
Modify poll settings



Solution #

Update to the latest version of WP-Polls. See changelog.


References #

Invicti Advisory NS-16-009

Timeline:

[2016-06-28] - First Contact
[2016-06-29] - Vendor Replied
[2016-07-29] - Advisory Released

Credits: Omar Kurt